Snort-to-iptables rule translator

This allows network traffic that matches Snort signatures to be logged
and/or dropped by iptables directly without putting any interface into
promiscuous mode or queuing packets from kernel to user space.